CompTIA Security+ SY0-601 Exam With Complete Solutions
100% Correct Latest Update
Rainbow Tables - ANSWER A rainbow table is a table of common hashes for plaintext
while using various hashing algorithms. These tables are pre-calculated so an attacker
has to do little work to utilize one.
A rainbow table can be compared with a master password file of corporate
users, and if the rainbow table is able to successfully find a user's password, then you
know one of two things must be true, or both.
One: The user's password is weak.
Two: The hash algorithm your company uses is weak.
Attackers can also build their own rainbow table while attempting to brute-force a hash.
Dictionary Attack - ANSWER A dictionary attack is similar to a brute-force attack, but instead of
systematically working through otherwise random passwords, a dictionary attack goes
after common passwords first.
In this way, passwords such as "password" or "12345" would be broken in very short
order.
To help counter this type of attack, companies can educate users on proper password
hygiene as well as implement a robust password policy.
A dictionary attack can nonetheless be
successful, but it prevents those easy passwords from being discovered quickly.
Weak Implementation - ANSWER Weak-encryption-based attacks target the
implementation or the algorithm itself that is used in implementing password-based
authentication.
If the attacker has access to the location where the passwords are stored and if there
are suitable conditions for the attacker to break the passwords,
then it is pretty much a situation of compromise.
Brute Force - ANSWER A brute force attack is a manual method of guessing a password,
PIN or any other passphrase-like authentication in order to gain access to an account
or system.
Or, in the case of encrypted data, the attacker may try to guess the encryption key by a
program or algorithm.
In theory any key can be brute forced, but some forms of encryption are estimated to
take so long to break that it is statistically impossible.
Downgrade - ANSWER A downgrade attack is an attack that forces a system to utilize a
weaker form of encryption or security. This way the attacker can have an easier time
breaking the weaker encryption as opposed to the previously implemented one.
Alternatively, if possible, the attack forces the target system to abandon the encryption entirely.
This attack can be a result of a man-in-the-middle attack, in which all the user's traffic is
sent through a malicious device. The attack negotiates the
user's connection to use a weaker encryption.
This can be prevented by not allowing a user to use older versions of an application or
protocol, which in a sense forces the latest and greatest security.
Script Kiddies - ANSWER A Script Kiddie is some form of unskilled hacker who has no
real skill of their own. They will utilize common or easily implemented vulnerabilities that
can be found online.
Because they are assumed to be unskilled, they would thus be considered a minor
threat when compared to other threat actors.
Script kiddies may present a threat to your untrained users; however, user
training and proper security controls on the network can generally mitigate most of the attacks
that would be carried out by a script kiddie.
Hacktivist - ANSWER A Hacktivist is an individual who uses hacking to promote a
cause or push a political agenda.
A hacktivist can be anything from an individual getting
attention for a cause to a cyberterrorist.
This can cause a moral grey area when viewing a hacktivist. Some will support the
cause and others will condone it depending on the cause.
Hacktivism is frequently a red herring for a more
threatening attack. For example, a website might get
defaced and some credit cards might be discreetly stolen.
Organized Crime - ANSWER The most ordinary foe thought of when speaking about data
theft, cyber-criminals are after the immediate reward of a financial payment.
They tend to go after personal and financial data with the purpose of leveraging or
selling the information for personal material benefits.